# Copyright 2017 Istio Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
#
#
# This is the global dictionary used by mixer client and server
# for sending mixer attributes.
#
# The main reason using yaml format is that it allows comments like this.
#
# Important update rules:
# * never remove, only add words at the end of file.
# * http headers should be lower case.
# * not duplication, all words have to be unique.
#
# Tools:
# 1) It can be converted to json by:
#  python -c 'import sys, yaml, json; json.dump(yaml.load(sys.stdin), \
#  sys.stdout, indent=4)' < global_dictionary.yaml
#
# 2) Use this to detect uniqueness and print out duplication:
#  python -c 'import yaml, collections; print [item for item, count in \
#  collections.Counter(yaml.load(open("global_dictionary.yaml"))).items() if count > 1]'
#

# Section 1: Standard Istio attribute vocabulary
# https://istio.io/docs/reference/config/mixer/attribute-vocabulary.html

- source.ip
- source.port
- source.name
- source.uid
- source.namespace
- source.labels
# source.user is to be deprecated, please refer to the attribute source.principal
- source.user

# target.* attributes have been renamed to destination.*
# They cannot be removed from this append only dictionary.
- target.ip
- target.port
- target.service
- target.name
- target.uid
- target.namespace
- target.labels
- target.user
- request.headers
- request.id
- request.path
- request.host
- request.method
- request.reason
- request.referer
- request.scheme
- request.size
- request.time
- request.useragent
- response.headers
- response.size
- response.time
- response.duration
- response.code

# Section 2: HTTP common headers extracted from
# https://tools.ietf.org/html/rfc7541#appendix-A
- :authority
- :method
- :path
- :scheme
- :status
- access-control-allow-origin
- access-control-allow-methods
- access-control-allow-headers
- access-control-max-age
- access-control-request-method
- access-control-request-headers
- accept-charset
- accept-encoding
- accept-language
- accept-ranges
- accept
- access-control-allow
- age
- allow
- authorization
- cache-control
- content-disposition
- content-encoding
- content-language
- content-length
- content-location
- content-range
- content-type
- cookie
- date
- etag
- expect
- expires
- from
- host
- if-match
- if-modified-since
- if-none-match
- if-range
- if-unmodified-since
- keep-alive
- last-modified
- link
- location
- max-forwards
- proxy-authenticate
- proxy-authorization
- range
- referer
- refresh
- retry-after
- server
- set-cookie
- strict-transport-sec
- transfer-encoding
- user-agent
- vary
- via
- www-authenticate

# HTTP methods
- GET
- POST

# Common strings
- http
- envoy
- '200'
- Keep-Alive
- chunked
- x-envoy-service-time
- x-forwarded-for
- x-forwarded-host
- x-forwarded-proto
- x-http-method-override
- x-request-id
- x-requested-with

# Popular content-type
- application/json
- application/xml
- gzip
- text/html
- text/html; charset=utf-8
- text/plain
- text/plain; charset=utf-8

# common strings
- '0'
- '1'
- true
- false
- gzip, deflate
- max-age=0
- x-envoy-upstream-service-time
- x-envoy-internal
- x-envoy-expected-rq-timeout-ms
- x-ot-span-context
- x-b3-traceid
- x-b3-sampled
- x-b3-spanid
- tcp

# connection attributes
- connection.id
- connection.received.bytes
- connection.received.bytes_total
- connection.sent.bytes
- connection.sent.bytes_total
- connection.duration

# context attributes
- context.protocol
- context.timestamp
- context.time

# common integer strings
- 0
- 1
- 200
- 302
- 400
- 401
- 403
- 404
- 409
- 429
- 499
- 500
- 501
- 502
- 503
- 504

- destination.ip
- destination.port
# destination.service is deprecated, please refer to destination.service.host
- destination.service
- destination.name
- destination.uid
- destination.namespace
- destination.labels
# destination.user is deprecated, please refer to destination.principal
- destination.user

# source.service is deprecated. please do not use moving forward.
- source.service

# api attributes
- api.service
- api.version
- api.operation
- api.protocol

# auth attributes
- request.auth.principal
- request.auth.audiences
- request.auth.presenter

# api key
- request.api_key

# check.error_code and error_message
- check.error_code
- check.error_message

- request.total_size
- response.total_size
# TCP connection event attribute.
- connection.event

# whether mixer check and quota calls hit cache.
- check.cache_hit
- quota.cache_hit

- source.principal
- request.auth.claims
- request.auth.raw_claims

# whether request is sent over mTLS enabled downstream connection.
- connection.mtls
- source.metadata
- source.owner
- source.services
- source.workload.uid
- source.workload.name
- source.workload.namespace

- destination.metadata
- destination.owner
- destination.principal
- destination.workload.uid
- destination.workload.name
- destination.workload.namespace
- destination.service.uid
- destination.service.name
- destination.service.namespace
- destination.service.host
- destination.container.name
- destination.container.image

- context.reporter.local
- context.reporter.uid

# gRPC trailer return status support
- response.grpc_status
- response.grpc_message

- context.reporter.type
- context.reporter.kind

# SNI, for TLS connections
- connection.requested_server_name

# url_path and query_params are derived from http path header.
# url_path is the path part of a url, with query params being stripped.
# query_params is the normalized query part of a url.
- request.url_path
- request.query_params

# context.proxy_error_code = %RESPONSE_FLAGS% in envoy access logs.
# Other proxies should return equivalent error messages.
- context.proxy_error_code
# following are the RESPONSE_FLAGS supported by envoy as of 2018-08-10
# https://www.envoyproxy.io/docs/envoy/latest/configuration/access_log#configuration
- UH
- UF
- UO
- NR
- LH
- UT
- LR
- UR
- UC
- DI
- FI
- RL
- "-"

- inbound
- outbound

- context.proxy_version
